diff options
| author | Douwe Maan <douwe@selenight.nl> | 2017-10-12 12:01:12 +0300 |
|---|---|---|
| committer | Douwe Maan <douwe@selenight.nl> | 2017-11-02 13:39:02 +0300 |
| commit | 294fa6fcdcfa7d76bc97b754d2930f3686f54997 (patch) | |
| tree | dd2093f86c6828fa59a5a4cbd79ffda16e883382 /lib | |
| parent | c03d39df8234be7fc6c846df05e08f204e6f0456 (diff) | |
Remove authentication using user.private_token
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/api/api_guard.rb | 22 |
1 files changed, 6 insertions, 16 deletions
diff --git a/lib/api/api_guard.rb b/lib/api/api_guard.rb index 87b9db66efd..0ff376bbab6 100644 --- a/lib/api/api_guard.rb +++ b/lib/api/api_guard.rb @@ -44,7 +44,7 @@ module API module HelperMethods def find_current_user user = - find_user_from_private_token || + find_user_from_personal_access_token || find_user_from_oauth_token || find_user_from_warden @@ -61,13 +61,14 @@ module API private - def find_user_from_private_token + def find_user_from_personal_access_token token_string = private_token.to_s return nil unless token_string.present? - user = - find_user_by_authentication_token(token_string) || - find_user_by_personal_access_token(token_string) + access_token = PersonalAccessToken.find_by_token(token_string) + raise UnauthorizedError unless access_token + + user = find_user_by_access_token(access_token) raise UnauthorizedError unless user @@ -99,17 +100,6 @@ module API find_user_by_access_token(access_token) end - def find_user_by_authentication_token(token_string) - User.find_by_authentication_token(token_string) - end - - def find_user_by_personal_access_token(token_string) - access_token = PersonalAccessToken.find_by_token(token_string) - return unless access_token - - find_user_by_access_token(access_token) - end - # Check the Rails session for valid authentication details def find_user_from_warden warden.try(:authenticate) if verified_request? |